Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nagios | nagios | 1.3 |
| nagios | nagios | 3.0.1 |
| nagios | nagios | 1.0 |
| nagios | nagios | 1.1 |
| nagios | nagios | 2.9 |
| nagios | nagios | 2.4 |
| nagios | nagios | 2.0b6 |
| nagios | nagios | 2.0b3 |
| nagios | nagios | 2.0b2 |
| nagios | nagios | 2.2 |
| nagios | nagios | 3.0 |
| op5 | monitor | 3.3.3 |
| nagios | nagios | 2.1 |
| nagios | nagios | 1.0_b1 |
| op5 | monitor | 3.0.0 |
| op5 | monitor | 3.2.4 |
| nagios | nagios | 1.0b1 |
| nagios | nagios | 1.4.1 |
| op5 | monitor | 3.3.1 |
| nagios | nagios | 2.5 |
| nagios | nagios | 1.0b4 |
| nagios | nagios | 2.10 |
| nagios | nagios | 2.8 |
| nagios | nagios | 3.0.3 |
| nagios | nagios | 2.0rc1 |
| nagios | nagios | 2.0 |
| nagios | nagios | 1.2 |
| op5 | monitor | 2.4 |
| nagios | nagios | 1.0_b3 |
| op5 | monitor | * |
| nagios | nagios | 1.0b5 |
| nagios | nagios | 1.0b6 |
| nagios | nagios | 2.3 |
| op5 | monitor | 2.8 |
| nagios | nagios | 2.0b1 |
| nagios | nagios | 2.7 |
| nagios | nagios | 2.0b4 |
| nagios | nagios | 2.3.1 |
| nagios | nagios | 3.0.2 |
| nagios | nagios | 2.0b5 |
| op5 | monitor | 3.0 |
| nagios | nagios | 1.0b3 |
| nagios | nagios | 1.0_b2 |
| op5 | monitor | 3.3.2 |
| op5 | monitor | 3.2 |
| nagios | nagios | * |
| op5 | monitor | 2.6 |
| nagios | nagios | 1.4 |
| nagios | nagios | 2.0rc2 |
| nagios | nagios | 2.11 |
| nagios | nagios | 1.0b2 |
Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| op5 | monitor | 5.5.1 |
| op5 | monitor | 5.7.1 |
| op5 | monitor | 5.3.5 |
| op5 | monitor | 6.0.0 |
| op5 | monitor | * |
| op5 | monitor | 6.1.2 |
| op5 | monitor | 6.0.3 |
| op5 | monitor | 6.0.6 |
| op5 | monitor | 5.8.1 |
| op5 | monitor | 6.0.7 |
| op5 | monitor | 6.1.0 |
| op5 | monitor | 5.5.0 |
| op5 | monitor | 5.7.4 |
| op5 | monitor | 5.7.0 |
| op5 | monitor | 5.4.0 |
| op5 | monitor | 5.5.3.1 |
| op5 | monitor | 5.8.0 |
| op5 | monitor | 5.7.3.1 |
| op5 | monitor | 5.6.1 |
| op5 | monitor | 5.7.3 |
| op5 | monitor | 5.7.3.3 |
| op5 | monitor | 6.0.4 |
| op5 | monitor | 5.5.3 |
| op5 | monitor | 5.6.2.2 |
| op5 | monitor | 6.1.1 |
| op5 | monitor | 5.4.2 |
| op5 | monitor | 5.6.0 |
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pnp4nagios | pnp4nagios | 0.6.14 |
| pnp4nagios | pnp4nagios | 0.6.19 |
| pnp4nagios | pnp4nagios | 0.6.4 |
| pnp4nagios | pnp4nagios | 0.6.7 |
| pnp4nagios | pnp4nagios | 0.6.11 |
| pnp4nagios | pnp4nagios | 0.6.1 |
| pnp4nagios | pnp4nagios | * |
| pnp4nagios | pnp4nagios | 0.6.20 |
| pnp4nagios | pnp4nagios | 0.6.12 |
| pnp4nagios | pnp4nagios | 0.6.0 |
| pnp4nagios | pnp4nagios | 0.6.3 |
| pnp4nagios | pnp4nagios | 0.6.6 |
| pnp4nagios | pnp4nagios | 0.6.15 |
| pnp4nagios | pnp4nagios | 0.6.5 |
| pnp4nagios | pnp4nagios | 0.6.10 |
| pnp4nagios | pnp4nagios | 0.6.13 |
| pnp4nagios | pnp4nagios | 0.6.18 |
| pnp4nagios | pnp4nagios | 0.6.17 |
| op5 | monitor | 6.3.0 |
| pnp4nagios | pnp4nagios | 0.6.2 |
| pnp4nagios | pnp4nagios | 0.6.16 |
OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| op5 | monitor | * |